Hackers release data of millions of Ashley Madison cheating site users

© ashleymadison.com
A group of hackers who threatened to release sensitive data about millions of Ashley Madison cheating website users last month have apparently fulfilled their promise after the site’s owner refused to take the resource “offline permanently in all forms.”

A massive dump of data just short of 10 gigabytes was released on the dark web on Tuesday by the Impact Team group claiming to be behind the scandalous Ashley Madison hack. The data appear to include sensitive customer information, such as payment transaction and credit card details, emails, names, addresses, phone numbers and member profiles.

READ MORE: Sexual fantasies exposed: Online cheating site Ashley Madison hacked, 37mn users affected

Although the leaked data did not include full credit card details and billing information, the hack is still a major embarrassment to Avid Life Media Inc., which owns the site, and some 38 million of its users whose private data was exposed.

While the passwords released are hashed, according to Wired, hackers may still eventually crack the easier ones, gaining access to user’s private correspondence if the account is still online.

“Time’s up!” the Impact Team wrote in the introduction to the leak, apparently referencing to Avid Life Media’s decision to keep the website online reassuring their users of increased security measures instead.

“It was ALM that failed you and lied to you,” the group added. “Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.”

Although it is unknown how much of the personal data is legit, given that people seeking an affair would likely fill out a profile with fake details, the hack is still expected to result in massive public outcry and embarrassment.

Online security analysts and social media users scanning through the leaked database have, for example, already noticed an email address which appears to belong to former UK PM Tony Blair, but since the affair website does not require email address verification some noted that anyone could have used it to set up a fake account.

Meanwhile ALM has acknowledged they know about the release of “more of the stolen data,” the company said in an email to Ars Technica.

“We are actively monitoring and investigating this situation to determine the validity of any information posted online… furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

The Royal Canadian Mounted Police and Ontario Provincial Police along with the FBI are investigating the hack, the company said, admitting the bureau’s involvement for the first time.

“This event is not an act of hacktivism, it is an act of criminality,” the company added, emphasizing that they are cooperating with authorities to hold the perpetrators accountable to the “strictest” measures of the law. “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”

LISTEN MORE: